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1      Introduction 

In  this  paper  we  show  that  the  satisfiability  problem  for  a  sublanguage  of  set  theory  involving 
the  notion  of  rank  and  cardinality  comparison  is  decidable.  We  recall  that  given  a  set,  its  rank 
is  a  measure  of  the  nesting  level  of  elements  within  it,  whereas  its  cardinality  is  the  number  of 
its  elements  (cf.  [Jec78]). 

The  present  result  combines  and  extends  decision  methods  developed  in  [CCF88]  and  [CC88] 
with  integer  linear  programs  (see  for  example  [GN72]  and  [Sal75]  for  various  integer  linear  pro- 
grams algorithms). 

Our  motivation  in  developing  decision  tests  for  sublanguages  of  set  theory  lies  in  a  long  term 
project  for  the  design  and  implementation  of  a  set-theoretically  based  proof  verifier.  Decision 
procedures  of  the  kind  described  in  Theorem  3.1  (see  below)  should  constitute  the  inferential 
core  of  such  a  system  (see  [CS88]). 

The  universe  V  of  sets  we  will  consider  is  the  standard  von  Neumann  universe,  satisfying, 
among  others,  the  axiom  of  foundation: 

"every  non-empty  set  has  an  element  which  is  disjoint  from  it. ' 

One  of  the  consequences  of  this  axiom  is  that  there  cannot  exist  sets  5o.ai.  •  •  •.■Sn,  with  n  any 
natural  number,  such  that 

^0  e  «!  G  •  •  •  €  3n  €  So  . 
It  also  follows  that  our  universe  V  is  stratified  according  to  the  following  recursive  definition 

Vo     =     0 

'This  work  heis  been  partially  supported  by  ENI  and  ENIDATA  within  the  AXL  project. 


0<a 

V    =       U    powiVc), 

aeOrd 

where  Ord  is  the  class  of  all  ordinal  numbers.  Then  the  rank  of  a  set  5,  denoted  by  rank{s),  can 
be  defined  as  the  minimum  ordinal  q  such  that  5  C  Vc  (see  [Jec78]  for  further  details). 

The  class  of  formulae  we  will  consider  in  this  paper  is  denoted  MLSSRC,  an  acronym  for  Multi- 
Level  Syllogistic  with  Singleton,  Rank  comparison,  and  Cardinality  comparison.  MLS  is  the  class 
of  unquantified  set-theoretic  formulae  in  the  language  =,G,U,n,\  together  with  propositional 
connectives;  its  satisfiability  problem  has  been  solved  in  [FOS80].  The  intended  meaning  of  the 
singleton  operator  {•}  and  the  predicates  rank  comparison  <,  <,  and  cardinality  comparison 
I  |<,  I  |<  is  the  following 

•  I  =  {y)  is  true  if  y  is  the  only  member  of  i; 

•  2:  <  y  [resp.  i  <  y]  is  true  if  and  only  \i  rank{x)  <  rank{y)  [resp.  rank{x)  <  rank{y)]; 

•  x\  |<y  [resp.  x\  |<y]  is  true  if  and  only  if  |x|  <  \y\  [resp.  |x|  <  |y|],  i.e.  if  and  only  if  the 
number  of  elements  in  x  is  less  than  or  equal  to  [resp.  less  than]  the  number  of  elements 
in  y.  For  simplicity  we  wiU  write  |i|  <  \y\  [resp.  |i|  <  |y|]  in  place  of  i|  |<y  [resp.  ar|  |<y]. 

By  a  simple  normalization  procedure  (cf.  [Can88],  [CC88])  it  can  easily  be  shown  that  the 
satisfiability  problem  for  the  class  of  formulae  MLSSRC  is  equivalent  to  the  injective  satisfiability 
problem  for  conjunctions  of  literals  each  of  which  has  one  of  the  following  types: 


(=) 

X  =  yUz ,  X  =  y\z 

({•}) 

^  =  {y) 

(<,<) 

x<y , x<y 

(ll<  Jl<) 

kl  <  lyl ,  kl  <  |y| , 

where  we  recall  that  a  formula  is  injectively  satisfiable  if  it  has  a  1-1  model.  We  will  call  such 
formulae  normalized  conjunctions  of  MLSSRC. 

The  decidability  of  the  extension  of  MLS  with  the  singleton  operator,  the  cardinality  operator 
together  with  arithmetic  addition,  subtraction  and  comparison  was  proved  in  [FOS80].  Also,  the 
decidability  of  MLS  extended  with  the  singleton  operator  and  the  rank  comparison  predicate 
was  established  in  [CCF88].  This  paper  extends  and  unifies  both  such  results. 

Let  P  be  any  normalized  conjunction  of  MLSSRC.  The  following  notion  of  place  of  P  is  of 
central  importance  in  what  follows  (cf.  [CFMS87],  [CS88],  [CCF88];  see  also  [Can88]  and  [CC88] 
for  an  extensive  bibliography). 

Definition  1.1  Given  a  conjunction  P,  a  place  of  P  is  any  0/1-valued  function  t  defined  on 
the  set  of  variables  of  P  and  such  that  7r(i)  =  Tt{y)\/ n{z)  [resp.  ir{x)  =  ir{y)  ^  -•n(z)]  whenever 
X  =  yUz  [resp.  x  =  y\zj  occurs  in  P.  (Here  we  are  obviously  identifying  0  and  1  with  the  truth 
values  false  and  true,  respectively.)  I 


2      Preliminary  definitions 

In  order  to  give  the  decision  test  for  MLSSRC,  we  need  a  bit  of  terminology.  Let  P  be  a  nor- 
malized conjunction  of  MLSSRC.  Let  V  =  {yi,y2i  •  •  •,  J/m}  be  the  collection  of  distinct  variables 
occuring  in  P.  Let  also  11  =  {ttj  , . . . ,  x„}  be  a  set  of  places  for  P. 

Remsirk  2.1  In  the  following  we  will  freely  identify  variables  y,  and  places  tt,  with  their  indices 
5  and  i,  respectively.  I 

Definition  2.1  We  say  that  a  place  tt,  is  a  singleton  place  if  there  exist  y,,  yt  such  that  y,  =  {y<} 
is  in  P  and  ri{yg)  =  1. 

We  denote  by  SING  the  set  of  singleton  places.  I 

To  each  variable  y,  we  associate  the  set  of  places  n(y,)  defined  by 

n(y,)={::x,(y,)=l}.  (1) 

Moreover,  given  a  map  F  :  {1,2,  ...,m}  — ►  {1,2,.  ..,n},  to  each  place  tt,  we  associate  the  set  of 
\-ariables  Vp(7r,)  defined  by 

Vpiz,)  =  {3  :  Fis)  =  ,}  (2) 

(in  the  following,  when  the  map  F  is  fixed,  we  will  simply  write  V  in  place  of  Vp). 

Definition  2.2  An  admissible  set  of  filled  places  (with  respect  to  a  set  of  places  H  and  a  map 
F)  is  any  subset  J'ofU  such  that: 

(a)  SING  C  J^;  and 

(h)  ifieJ'th€nV{Tr,):)i9. 

A  place  TTi  is  said  to  be  filled  (with  respect  to  ^)  if  i  ^  T.  I 

Given  an  increasing  sequence  of  integers  r©  =  0  <  rj  <  . . .  <  r/  =  n,  we  define  a  map 
ii:{l,...,n}  —  {1,...,/}  by  putting 

R{i)  =  min{/»  :  r^.j  <  i  <  r/,}.  (3) 

Clearly  R  is  nondecreasing. 

We  also  define  a  map   '  on  V  by  putting 

«'  =  max{i?(»:jen(y.)}.  (4) 

Definition  2.3  An  admissible  set  of  trapped  places  (with  respect  to  a  set  of  places  11,  a  map  F, 
an  admissible  set  of  filled  places  ^,  and  an  increasing  sequence  of  integers  tq  =  0  <  rj  <  . . .  < 
rt  =  n)  is  any  subset  TofU  such  that: 

(a)  ifieT,  then  i'  €  T,  for  all  i'  e  {I rn(,)};  and 


(b)  ifi£7  and  n(y,)  C  7  for  all  s  G  V^C^r,),  then  i  G  T. 

A  place  -Ki  is  said  to  be  trapped  (with  respect  to  T)  if  i  E  T. 

A  variable  y,  is  said  to  be  trapped  (with  respect  to  T)  if  n(j/,)  C  T.  I 

Definition  2.4  An  admissible  set  of  finite  places  (with  respect  to  a  set  of  places  11,  a  map  F,  an 
admissible  set  of  filled  places  T ,  an  increasing  sequence  of  integers  tq  =  0  <  rj  <  . . .  <  r/  =  n, 
and  an  admissible  set  of  trapped  places  T)  is  any  subset  FIN  ofU  such  that 

(a)  J'UTC  FIN; 

(b)  ifll{yt)  C  FIN  and  either  \y,\  <  |y,|  or  \y,\  <  \yt\  is  in  P,  then  U{y,)  C  FIN. 

A  place  TT,  is  said  to  be  finite  (with  respect  to  FIN)  if  i  6  FIN.  I 

3      The  main  result 

We  are  now  ready  to  state  our  main  theorem. 

Theorem  3.1  Let  P  be  a  normalized  conjunction  of  MLSSRC,  whose  distinct  variables  are 
V  =  {y\, . . . ,  l/m}-    Then  P  is  injectively  satisfiable  if  and  only  if  there  exist 

•  a  set  II  =  {ni,. .  .,7rn}  of  places  of  P, 

•  a  map  F  :  {l,...,m) -^  {\,...,n}, 

•  an  admissible  set  of  filled  places  T , 

•  an  increasing  sequence  of  integers  0  =  ro  <  ri  <  . . .  <  r<  =  n, 

•  an  admissible  set  of  trapped  places  T  =  {l,...,rfc, }  C  11  and  an  assignment  of  sets  W  of 
rank  less  than  or  equal  to  ki  to  the  trapped  places  t, 

•  an  admissible  set  of  finite  places  FIN  C  11,  and 

•  a  mapC-.INF^  {0,1 n-f-l},  where  IN  F  =  U\  FIN  and  f  =  \FIN\, 

such  that  the  folloxcing  conditions  are  satisfied: 

Condition  (CI).  No  two  distinct  variables  of  P  are  Il-equivalent. 
Condition  (C2).  The  partial  assignment  defined  over  trapped  variables  y  by 

Wy=     [j    T 
»(y)=l 

is  an  injective  model  for  the  literals  of  P  involving  only  trapped  variables.  Moreover,  if  y, 
and  JTj  are  trapped  and  My,  €  i^},  then  F{i)  =  j. 

Condition  (C3).  If  Tj(y,)  =  1,  then  Rij)  <  R{F{s))  (where  R  is  defined  as  in  (3)). 

Condition  (C4).  If  y,  =  {y,}  is  in  P,  then  n(y.)  =  {F{t)}. 


Condition  (C5). 

(C5.1)  li  Va  <  Vt  [resp.  y,  <  yt]  is  in  P,  then  a*  <  t'  [resp.  s'  <  f]  (where  '  is  the  map 
defined  in  (4)). 

(C5.2)  If  t  G  ^,  then  R{t)  =  max{s'  :  s  G  VCtt,)}  +  1. 

Condition  (C6).  K  \y,\  <  \yt\  [resp.  |y,|  <  \yt\]  is  in  /'  and  n(y,)  n  INF  j^  0,  then 

max{C(j)  :  j  6  U{y,)  D  INF}  <  max{C(j)  :  j  G  n(y,)  n  INF} 
[resp.   max{CO)  :  j  G  n(y,)  n  /7VF}  <  max{C(j) :  j  6  n(y,)  n  /A^F}]. 

(Notice  that  if  n(y,)  n  /A^F  j^  0,  then  n(y,)  n  /iVF  ^  0.) 

Condition  (C7).  Let   ^,  ,    t  G  FIN,  be  distinct  integer  variables.  Then  the  following  system 
SYS    of  equations  and  inequalities  in  the  unknowns  ^,  has  a  positive  integer  solution: 

(C7.1)  if  i  G  FIN  \  T  [resp.  i  G  T\  then 

^.  >  |V^(T.)I 
[resp.  i,  =  |V(7r,)|] 
is  in  SYS; 
(C7.2)  if  |y,|  <  [yd  [resp.  |y,|  <  |y,|]  is  in  P  and  n(y,)  C  FIN  then 

.€n(v.)        j€n(iA) 


res 


is  in  SYS; 
(C7.3)  for  each  t  G  T  the  equation 

is  in  SYS. 


•en(y.)        j€n(v,)    , 


i^  =  |5r.l 


In  the  next  subsections  we  will  show  that  conditions  (Cl)-(C7)  are  necessary  and  sufficient 
for  P  to  be  injectively  satisfiable. 

Theorem  3.1  contains  a  decision  test  for  MLSSRC,  since  all  its  conditions  are  algorithmically 
verifiable.  In  fact,  places  of  F,  admissible  sets  of  filled  places,  etc.,  vary  over  a  finite  family  of 
objects  depending  solely  on  the  conjunction  P  and  a  priori  determinable.  In  addition,  given  any 
admissible  set  of  trapped  places  T  =  {1, . .  .,ri, }  C  11,  there  can  be  only  finitely  many  different 
assignments  of  sets  jr  of  rank  less  than  or  equal  to  k\  to  the  trapped  places  t,  since  V/t,  is  finite. 
Finally,  condition  (C7)  can  be  tested  by  using  any  algorithm  for  solving  integer  linear  programs 
(see,  for  example,  [Sal75],  [GN72]).  Therefore  we  have  the  following  decidability  result: 

Corollau-y  3.1    The  class  MLSSRC  has  a  solvable  satisfiability  problem.  I 


3.1      Necessity  of  conditions  (C1)-(C7) 

We  begin  by  showing  that  conditions  (Cl)-(C7)  of  Theorem  3:i  are  necessary  for  a  normalized 
conjunction  P  of  MLSSRC  to  be  injectively  satisfiable.  So,  let  P  be  such  a  conjunction  and 
let  M  be  a  1-1  model  for  P.  Let  also  V  =  {yi, . . . ,  Vm}  be  the  set  of  variables  occurring  in  P. 
Consider  the  disjoint  regions  cti,  . .  .,£T„  of  the  Venn  diagram  of  the  sets  M  j/i, .  ..,Mym  in  the 
universe 

U  =  Myi  U  . . .  U  Mym  U  {Myi ,...,  Mym). 

Clearly  each  region  a  determines  a  place  tt  of  P  defined  on  V  by  putting 

1    ifaCMx 


''^^^~  ^    0    ifCTnA/i  =  0. 

Let  n  be  the  set  of  all  such  places.  Notice  that  My,  =  U»j(v,)=i  <^j'  foi"  ^^h  variable  y,  in  P. 
Therefore,  if  i,  y  are  distinct  variables  of  P,  by  the  injectivity  of  A/,  Mx  ^  My,  so  that  there 
exists  a  place  tt  £  11  such  that 

7r(i)  =  1  if  and  only  if  7r(t/)  =  0. 

Hence  condition  (Cl)  is  satisfied. 

Next,  for  each  variable  y,,  let  a^'  denote  the  region  of  the  Venn  diagram  which  contains  My, 
a£  an  element.  Then  we  define  the  map  F  :  {l,...,m}  — ►  {l,...,n}  by  putting 

F{s)zzj     if  and  only  if    My,  £  Cj  {=  a'^').  (5) 

We  also  put 

Clearly,  /"  is  an  admissible  set  of  filled  places. 

Without  loss  of  generality,  we  can  assume  that  the  sets  ai , . . . ,  ct„  are  indexed  in  such  a  way 
that  if  rank{<7i)  <  rank{aj),  then  i  <  j.  This  determines  uniquely  an  increasing  sequence  of 
integers  tq  =  0  <  rj  <  . . .  <  r/  =  n  such  that  for  all  t,  i'  6  { 1 , . . . ,  n} 

ranfc(<T,)  =  ranfc(<T,>)  iff  r/,_i  <  i,i'  <  r^^  ,  for  some  /i  €  {1, . . .,/}. 

To  find  an  admissible  set  of  trapped  places,  we  use  the  following  procedure. 

Proc  Find  .Trap; 

T-0; 

WHILE  there  exists  j  in  {1, . . . ,  n}  \  T  such  that  either 

(a)  raTik{<Tj)  <  rank{Gy),  for  some  j'  G  T,  or 

(b)  j  &  !F  and  {t   :  <r,  C  My,  for  some  My,  E  cTj)  C  T 
DO 

END  WHILE. 


It  can  easily  be  verified  that  the  set  T  produced  by  the  above  procedure  has  the  form 
{1, . . . ,  Tfcj },  for  some  0  <  ki  <  t  and  that  it  is  an  admissible  set  of  trapped  places  according  to 
Definition  2.3. 

Notice  that  the  number  k\  is  an  upper  bound  for  the  rank  of  any  set  Oj,  j  6  T.  Therefore, 
for  each  j  £  T  we  can  put 

iTj  =Def  «^j- 

To  show  that  condition  (C2)  is  satisfied,  let  y,  and  tTj  be  trapped  and  such  that  My^  G  tt,-. 
Since  My,  =  My,  and  ¥j  =  ctj,  by  (5),  we  have  F{s)  =  j. 

K  TTjiya)  =  1,  i.e.  ctj  C  My,,  then  rank(aj)  <  rank{My,)  <  rank{ap^^,)).  Thus  R{j)  < 
R{F{s)),  showing  that  condition  (C3)  is  also  satisfied. 

Next  suppose  that  y,  =  {j/J  is  in  P.  Then  My,  =  {Myt},  from  which  n(y,)  =  {F{t)}, 
proving  condition  (C4). 

Let  us  put 

FIN  -  {j  e  {l,...,n}   :  a_,  is  finite}. 

It  is  straightforward  to  see  that  FIN  is  an  admissable  set  of  finite  places,  according  to  Definition 
2.4. 

Suppose  now  that  My,  <  Myt.  Then  clearly 

ma.x{rank{ai)   :  i  6  U.{y,)}  <  max{ran/c(<7j)   :  j  G  n(j/()}. 

Therefore  s*  <  t*.  Analogously,  if  My,  <  Myt,  then  s'  <  t* .  Moreover,  if  t  G  ^,  then  the  set 
<7,  has  only  elements  of  type  My,,  y,  G  V.  Hence  rank{a,)  =  ranfc(M j/()  +  1,  where  Myt  is  an 
element  of  maximum  rank  in  a,.  This  implies  that  R{i)  =  max{5*  :  s  G  V'()rj)}  +  1,  thus  proving 
condition  (C5). 

Let  /  =  \FIN\  and  suppose  that  there  are  at  most  p  G  {1,...,ti  -  /}  infinite  sets  a,  of 
different  cardinality.  We  can  then  define  a  function  C  from  INF  onto  {0, . .  .,p  —  1}  in  such  a 
way  that  C{ji)  <  C{J2)  if  and  only  if  |aj,  |  <  \cj^\.  Then  clearly  condition  (C6)  is  true. 

Finally,  let  SYS  be  the  system  defined  in  condition  (C7)  of  Theorem  3.1.  Then  it  can  easily 
be  verified  that 

^,  =  \aj\,     for  je  FIN 

is  a  positive  integer  solution  of  SYS,  so  that  condition  (C7)  is  satisfied  too. 

We  have  then  showed  that  the  conditions  of  Theorem  3.1  are  necessary  for  P  to  be  injectively 
satisfiable.  In  the  next  subsection  we  will  prove  the  converse. 

3.2      Sufficiency  of  conditions  (Cl)-(C7) 

Again,  let  P  be  a  normalized  conjunction  of  MLSSRC  with  variables  V  =  {yi,...,ym}-  Assume 
that  there  exist  a  set  11  =  {ti,.  ..,t„}  of  places  of  P,  a  map  F  :  {1,.  ..,m}  — ►  {1,.  ..,n},  an 
admissible  set  of  filled  places  .F,  an  increasing  sequence  of  integers  0  =  tq  <  rj  <  . . .  <  r/  =  n, 
an  admissible  set  of  trapped  places  T  =  {1, . . . ,  r^j }  C  n,  an  assignment  of  sets  W  C  V^,  to  the 


trapped  places  tc,  an  admissible  set  of  finite  places  FIN ,  and  a  map  C  :  IN F  —*  {0,1,. .  .,n  - 
f  -  1},  such  that  conditions  (Cl)-(C7)  are  satisfied.  In  particular,  let 

^.  =  ^.  ,    ieFIN 

be  a  positive  integer  solution  of  the  system  SYS. 

We  will  exhibit  below  a  procedure  that  under  such  hypotheses  constructs  sets  <7i,  1  <  i  <  n, 
such  that  the  assignment 

M'y,=      U      a,  (6) 

7r,(y,)  =  l 

is  an  injective  model  of  P. 

Let  k'  G  {ki  +  l,...,i+  1}  be  the  maximum  integer  such  that  {j  :  R{j)  <  k'}  C  FIN. 
Notice  that  ii  k'  =  i  +  I  then  INF  -  0.  In  this  case  or  '\i  k'  =  ki  +  I  we  put  ^2  =  '='  -  1- 
Otherwise  we  introduce  the  function  S  :  {1, . . .,  0  "~*  {Oi  1}  defined  by 

S{h)  =  1  if  and  only  if  /i  =  R{j),  for  some  j  e  J^  ,  (7) 

for  all  /i  =  !,...,£.  So  we  define  k2  to  be  the  integer  in  {ki,. .  .,k'  —  1}  such  that  5(A;2  +  1)  =  0 
and  S{h)  =  1  for  all  itj  4-  1  <  /i  <  k'.  It  will  follow  from  the  construction  to  be  given  below  that 
rank(aj)  <  No  if  and  only  if  j  <  rjtj. 

Let  7  >  m  be  any  finite  ordinal  such  that 

|V.,\V^_,|>(n+l).    Yl    ^.  +  "^-  (8) 

Let 

c  =  raax{C(t):  j6 /A'F) 

and  put 


Let  Br^  +1, . . . ,  fi„  be  pairwise  disjoint  sets  of  rank  7  and  such  that 


(9) 


i^FlN 

Notice  that  (8)  guarantees  that  such  sets  can  be  found. 
Let  us  also  put 

Ij  =  {o{j)  +  RU)}  l>  B,  ,  (10) 

for  J  =  Tfc,  +  1, . . . ,  n.  Observe  that 

!^;l     =        E    ^.+  1  (11) 

ieFIN 

rank{I,)     =     a{j)  +  R{j) -\- I.  (12) 

Moreover,  we  have  the  following  lemma. 


Lemma  3,1   For  all  jj'  €  {r^,  +  1, . . .  ,n},  j  /  j', 

I,^Iy,IjjtIy 

Proof.  Suppose  that  /,  G  ly-  Since  rank{Ij)  =  a{j)  +  R{j)  +  1  it  follows  that  I-j  ^  By.  Thus 
Ij  =  a(j')  +  R{j'),  contradicting  the  fact  that  Ij  is  not  an  ordinal. 

The  second  part  of  the  assert  follows  from  the  disjointness  of  the  sets  Bj.  ■ 


Let  now 


Then,  for  j  =  r^,  +  1, . . . ,  n,  there  are  sets  Aj  such  that 


A,  c  pj^vr    'V^""  ,14, 

t  ^Nc  \  V-r+^+3    otherwise 

\A,\     =     d,         ifrfj>0  (15) 

A,^{[jA,\^  {/(.)  :  r,,  <  i  <  n])  =  0,  (16) 


Following  the  increasing  order  of  indices  we  put 


a,  =  < 


Fj  if  j  e  T 

{A/-y.  :  F(s)  =  j}  ifje/-  (17) 

{M'y,  :  F(a)  =  j}U  >1;U  {/j}     otherwise 


where  M'y,  is  inductively  defined  as  in  (6). 

Notice  that  (17)  is  well  given.  Indeed,  if  F{s)  =  j,  then,  by  (C4),  R{i)  <  R{j)  for  all 
•  G  n(y,).  In  particular,  since  R  is  nondecreasing,  t  <  j,  i.e.  the  set  M*j/,  =  Uir,(v,)=i '^i  'S 
already  defined  when  it  is  used  in  the  definition  of  a^.  Moreover,  we  have  the  following  lemma. 

Lemma  3.2  Ij  jt  M'y,  for  all  r^,  <  j  <  n  and  1  <  «  <  m. 

Proof.    It  is  enough  to  observe  that  if  Il{y.)  D  INF  ^  0  then  \M'y,\  >  Kq,  whereas  if  U{y,)  D 
INF  =  0  then  |A/-y,|  <  E.eF/zv^.  On  the  other  hand,  by  (11),  |/,|  =  E.eF/N^-  +  1-  ■ 

The  sets  a^'s  satisfy  several  useful  properties.  The  most  important  are  listed  in  the  following 
lemma. 

Lemma  3.3  (Al)  rank{aj)  <  m,  for  all  1  <  j  <  rjt, ; 

(A2)  rank{aj)  =  rank{{Ij})  =  q(;)  +  R{j)  +  2  for  all  r^,  <  j  <  n  and  rank{M'y,)  =  Q{r,.)  + 
s'  +  2; 

(AS)  a,  i^  0; 

(AJ^)  Oj  is  finite  if  and  only  if  j  6  FIN  and  in  this  case  \aj\  =  ^j\ 

(A5)  a,  n  ay  =  0,  for  all  j'  G  {1, . . . ,  n},  j V  J\ 
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(A6)  |a,|  =  Kco)  ifjelNF. 

Proof.  Properties  (A1)-(A5)  can  be  proved  much  in  the  same  way  as  in  Lemma  4.2  in  [CC88]. 
The  fact  that  \aj\  =  J^,  for  each  j  €  FIN,  follows  easily  from  (13),  (14),  (15),  and  (17).  Property 
(A6)  can  be  proved  analogously.  ■ 

We  are  now  ready  to  show  that  M'  is  an  injective  model  for  P. 

Injectivity  of  M'  and  clauses  of  type  {  =  ). 

From  (Cl),  (A3)  and  (A5),  it  follows  that  M'  is  injective.  Moreover,  by  the  definition  of 
places,  all  clauses  in  P  of  type  x  =  y  U  z,x  =  y\  z  are  correctly  modeled. 

Clauses  of  type  ({•}). 

By  (C4),  if  y,  =  {yj  is  in  P,  then  U{y,)  =  {F{t)}.  Thus  by  (17)  M'y,  =  {M*j/J. 

Clauses  of  type  (<,<)• 

From  (C5.1),  if  y,  <  yt  is  in  P,  then  s'  <  t' .  Thus  M'y,  <  M'yt  follows  from  (A2)  and 
from  the  fact  that  the  maps  q  and  *  (respectively  defined  in  (9)  and  (4))  are  nondecreasing. 
Analogously  for  clauses  of  type  y,  <  yt- 

Clauses  of  type  (|  |<  ,  |  |<). 

Assume  that  \y,\  <  \yt\  occurs  in  P.  Since  M'y,  is  finite  if  and  only  if  11(1/,)  C  FIN,  the 
only  two  non  trivial  cases  are  : 

(i)  n(y,)  C  FIN.  Then  U{y.)  C  FIN.  Therefore,  from  (A4),  \cTj\  =  J^,  for  all  j  e  n(y,)U 
n(yt),  so  that  \M'y,\  =  E.en(w)^'  ^"^  l^/'ytl   =  Ejen(v,)^r    B"t  by  condition 
(C7.2),  E.€n(v.)^.  <  E,en(v.)^;'  implying  \M-y,\  <  |A/*y,|. 
(ii)  n(y.)  n  INF  jL  0.  Then,  by  (C6),  max{C(j)  :  j  6  n(y,)  D  INF}  <  max{C(j)  :  ;  G 
Uiyt)  n  INF}.  Thus,  by  (A6),  \M'y,\  <  \M'yt\. 

Analogously  for  clauses  of  type  |yj|  <  |y,|. 

This  shows  that  M*  is  an  injective  model  for  P,  thus  completing  the  proof  of  Theorem  3.1. 

4      Final  remarks 

We  conclude  with  the  following  remarks. 

Remark  4.1  In  the  theory  MLSSRC  it  is  possible  to  express  (1)  natural  numbers,  (2)  the  Finite 
predicate,  and  (3)  addition  of  cardinal  numbers.  Indeed, 

(1)  integers  can  be  expressed  in  the  following  way: 

0  =  0,  1  =  {0},  2=  {0,1},  3  =  {0,1,2},  ... 
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and  in  general 

n  +  l  =  {0,l,...,n}, 

where  the  finite  enumeration  operator  {•,...,}  can  easily  be  expressed  in  terms  of  repeated 
applications  of  the  singleton  and  the  binary  union  operators.  So,  literals  like  x  =  n,  where 
n  is  a  nonnegative  constant,  are  expressible  in  MLSSRC. 

(2)  The  predicate  Finite{x)  [resp.  -' Finite{x)]  is  equivalent  to  the  MLSSRC  formula 

I  =  0V(y  G  iA|i\{y}|  <  |i|) 

[resp.  y  e  X  A  |x\{y}|  =  |i|  ]. 

(3)  |a;|  +  \y\  =  \z\  is  equivalent  to  the  conjunct: 

\x'\  =  \x\A  \y'\  =  |y|  A  x'  n  y'  =  0  A  \z\  =  \x'  U  y'\, 

where  obviously  \v\  —  \w\  is  a  short-hand  for  |u|  <  \w\  A  \w\  <  \v\.  I 

Remsu-k  4.2  The  theory  MLSSRC  remains'  decidable  even  if  it  is  extended  by  the  predicate 
H F{s)  which  says  that  the  set  s  is  hereditarily  finite.  (We  recall  that  a  set  is  hereditarily  finite 
if  in  any  chain  of  type 

Sr  G  Sr-l   G   •  •  •  G  5i   e  5o  =  S  , 

«r  is  finite,  or,  equivalently,  rank{s)  is  finite.) 

In  this  case  Theorem  3.1  has  to  be  modified  so  ais  to  include  the  following  additional  condi- 
tions: 

Condition  (C8).  If  HF{y,)  occurs  in  P,  then  X[{y,)  C  FIN. 

Condition  (C9).   Let  the  map  5  :  {1, . . .  ,^}  -*  {0,1}  be  defined  as  in  (7).  Then  there  must 
exist  an  integer  k2  G  {^i,. .  .t]  such  that: 

•  if  nF{y,)  is  in  P  and  t'  G  V(y,),  then  R{i)  <  Jt2; 

•  j  e  FIN,  for  all  j  such  that  R{j)  <  itj; 

•  S{k2  +  1)  =  0.  I 
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